Modernizing Authentication — What It Takes to Transform Secure Access
"I have a large exchange server, I can handle three times the amount of data than what I now have, but I don't want 200 e-mails a day eating up my resources and bogging down my server," he said.
He is not alone. In a recent study, Ferris Research found that spam cost U.S. corporations $8.9 billion dollars in 2002. First, there is the lost productivity: Time spent opening and deleting ads for Viagra and porn and bogus financial schemes. Then there is the liability from a human-resources perspective, as employees walking down the hall find themselves accosted by on-screen images that are not workplace appropriate.
So, what is a small business to do?
Some small businesses go further, taking the off-the-shelf approach with products such as SpamCop and McAfee's SpamKiller, each of which costs under $50. While they generally draw positive reviews, these products do have their detractors, however. They note that small businesses need to be especially wary of unintentionally blocking important messages they would rather have received. But for a shop that is not heavily e-mail dependent, such a solution may indeed be sufficient.
Others, like Whitling, take the outsourcing approach.
There are numerous messaging-security firms around the nation that will take away spam hassles for a fee. One reason to outsource is that spam is a cat-and-mouse game. As blocking tools get better, spammers find new tactics. It's a moving target, and so the weapons must be constantly refined and adjusted. Moreover, it takes a combination of weapons to set up an effective defense.
"No single method blocks spam, so you combine them together to get the right effect," explained Gleb Budman, director of product management at MailFrontier, a Palo Alto, Calif. messaging security firm.
The MailFrontier system includes a "white list," the opposite of a blacklist. This is a dynamic list designed to admit all mail from specified senders: That's anybody in your electronic list of contacts, plus anyone you write to. Their mail will not be blocked.
Then come the blacklists of known spammers, as well as the content filters to stop all mail containing red-flag content. In addition, a challenge component will be used in ambiguous cases to ask the sender of suspicious mail to send a quick reply in order to validate their status as a legitimate sender.
That may sound like a lot of layers of defense, but such aggressive tactics are becoming increasingly necessary. "Spam has become bigger than just an e-mail nuisance," said Pat Rohde, president of Dataliant in Alpharetta, Georgia. "It is effecting people's storage on their news servers. Their Internet connection is taking more and more abuse in processing that e-mail. And of course there is just the lost productivity."
Rohde has seen it firsthand among his clients, some of whom report that as much as 50 percent of incoming e-mail is spam. With a problem of that magnitude, it is perhaps not surprising that Rohde finds himself talking more often these days to business owners and operations managers, rather than to information-technology people. "Just because it runs on a computer, that does not always mean it is an IT problem," he said.
The mere expense of the problem has boosted it onto the owners' desks in businesses that have tried to address the issue. For many small businesses, it is not economically practical to put an IT professional on full-time spam blocking duty.
Dataliant charges about $3 per mailbox per month to keep out spam. That cost has not inhibited Inhibitex, where Ron Whitling figures that in the long run the company is actually saving money by outsourcing the issue.
"Now I get no headaches with it," he said. "I am the only systems guy here, and I know how much time it would take me to administer something like that on my own. It would probably take me two hours a week per server, even if nothing is wrong. With this I am spending just five minutes every two days."
In those five minutes, Whitling skims through a special administrator's mailbox in which Dataliant keeps all the mail it has withheld. Even without the porn, which is automatically deleted, there are still some 200 messages every two days. Knowing what it would cost the firm in time and resources for him to implement and maintain his own system to block that onslaught, Whitling figures the outsourcing route is paying for itself.